How an Identity Manager Stops Edward Snowden Administrators

Privileged whistleblower.

Since Edward Snowden’s release of over 1.7 million classified NSA documents, trusted identities and privileges require re-examination. While opinions regarding Snowden range from traitor to Noble Prize winner, his actions delivered a wake up call to IT leaders.

As an IT security professional, whether you support or abhor Snowden’s actions, you must take time to understand the numerous ways he comprised NSA systems and trust. This blog identifies the means by which Snowden was able to collect such an enormous cache of documents, files, and information from the most secure systems in the world. In exposing Snowden’s access methods, this blog identifies how an identity manager helps you safeguard against the intentional actions of privileged administrators.

Edward Snowden NSA Cyber Security Breach

To collect records, Snowden admits relying on a Googlebot-like WebCrawler to find and index NSA Intranet pages. However, no reports explain the actual methods Snowden used to upload and transport files. However, the blog post by Venafi CEO, Jeff Hudson, provides a compelling explanation. In his post, Hudson surmises Snowden fabricated digital certificates to breach NSA systems. To transport documents outside of the firewall, he leveraged the trust inherent in encryption to pass files through the NSA network undetected.

To accomplish a cyber heist of this magnitude, Snowden alarmingly relied on limited computing resources. Like many external attackers, Snowden used basic terminal or thin-client access to the NSA Intranet.

NSA Access Vulnerabilities and Cyber Security Breaches

Although Snowden’s methods for transporting and uploading files are unreported, the numerous ways in which he gained access to NSA systems are known.

According to reports, Edward Snowden gained access to privileged NSA information in the following ways:

Valid access: Snowden was issued a valid Common Access Card (CAC) that authenticated his identity and provided administrator privileges to the systems he was authorized to access.

Collaborators: At least one NSA civilian admitted allowing Snowden to use his civilian NSA Public Key Infrastructure (PKI) certificate. The civilian’s PKI certificate gave Snowden access to classified information he had been denied.

Trickery: One or more civilians entered PKI passwords at Snowden’s computer terminal and their passwords unknowingly were captured extending his access to classified information.

Grandfathered access: As an NSA employee, contractor at Dell and consultant for Booz Allen, Snowden had grandfathered passwords and access privileges.

How Identity Management Can Help Prevent Access Breaches

An identity management system can help prevent the unauthorized collection, use, and distribution of information by restricting and enforcing access management policies. For granting appropriate access, an identity and access management solution ensures the right people receive the right access to the right systems by utilizing approval workflows. An identity manager can also ensure users are automatically assigned roles containing appropriate entitlements as part of onboarding. It provides an auditable record and enforces access management policies across an enterprise. An effective user provisioning/deprovisioning solution also automatically removes access privileges upon termination. It guarantees a user’s access is removed in a timely manner.

Once access has been granted, it is important to perform access certifications utilizing risk intelligence to identify grandfathered access. Risk intelligence highlights information for accounts, particularly "outliers" or accounts with more privileges than normal. Identity risk intelligence provides information such as last login, last password change date and excessive access privileges compared to peers.

Identity Manager Business Rules

The case of Edward Snowden reinforces that organizations and government agencies are accountable for obeying laws, respecting regulations, and adhering to treaties. When acting outside of these boundaries, an organization exposes itself to system administrators with Edward Snowden’s intent. Ultimately, the prevention of unauthorized access and misuse of information lies with both information security and ethical business practices.

Get the Top 10 Identity Manager Migration Best Practices Workbook

Start your migration from legacy software with the Top 10 Identity Manager Migration Best Practices Workbook. Use this workbook to think through your information security risk before you transition to next generation identity manager software.